Is it a good practice to combine cookies and local storage to protect against XSS and CSRF?

We know that cookies with httpOnly and secure flag are immune to XSS and vulnerable to CSRF attacks. And at the same time we know that local storage is vulnerable to XSS, but can protect against CSRF.

So, what if we combine…

Choosing Between Cloud or On-Premises Storage for Small Business

In this Ask the Admin, Russell Smith looks at the benefits of cloud storage and why a combination of cloud and on-premises solutions is sometimes a happy medium.

The post Choosing Between Cloud or On-Premises Storage for Small Business appeared first on Petri.


Selecting the Right SME Storage Solution Part 1: Windows Server

In part one of this article, Russell Smith looks at the advantages for small businesses of server hardware running Windows Server Essentials for local storage needs.

The post Selecting the Right SME Storage Solution Part 1: Windows Server appeared first on Petri.


Storing privacy sensitive data in a local application

We have multiple desktop applications that are being used by clients on unconnected desktop computers. The application instances are being used by multiple users, secured by username and password. The problem is that these users share the same Windows account and thus have the same security level in the operating system. In addition to this, these applications store privacy-sensitive data in a local database (LocalDB).

In an ideal world the applications would be connected to a secured server that stores the data, but this is not possible. What would be the best approach to improve the security of handling privacy-sensitive data in a local Windows application? These applications should in theory conform to the privacy regulations in Europe and HIPAA in the US.

Quoted from the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

"A covered entity must, in accordance with §164.306… Implement a mechanism to encrypt and decrypt electronic protected health information." (45 CFR § 164.312(a)(2)(iv))

Encrypting data in a local database is not easy, because our current solution (LocalDB) does not support it. The harder question is where should we store encryption keys on a desktop machine?
